SSA-728618 — Vulnetix

SSA-728618 PUBLISHED CVSS 7.800000190734863 HIGH

Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats. If a user is tricked to opening a malicious file using the affected application this could lead the application to crash, or potentially arbitrary code execution on the target host system. Siemens recommends to update to the latest version and to limit opening of files from unknown sources in the affected products.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	Solid Edge SE2021

Exploit Intelligence

https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf (circl)
https://cert-portal.siemens.com/productcert/txt/ssa-728618.txt (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-728618.json (circl)

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-728618.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-728618.json advisory

Open in Interactive Console →